[sudo-users] sudo segfaults when talking to ldap

Mauricio Tavares raubvogel at gmail.com
Mon Jun 16 12:16:27 MDT 2014

This is ubuntu 14.04LTS, and sudo in question is (should be)
1.8.9 per http://packages.ubuntu.com/trusty/sudo-ldap. When I tried
using it, it would talk to the ldap server and then segfault:

  raub at testfirewall:~$ sudo pwd
  sudo: LDAP Config Summary
  sudo: ===================
  sudo: uri ldap://kdc.domain.com ldap://kdc2.domain.com
  sudo: ldap_version 3
  sudo: sudoers_base ou=SUDOers,dc=domain,dc=com
  sudo: binddn (anonymous)
  sudo: bindpw (anonymous)
  sudo: bind_timelimit 3
  sudo: timelimit 3
  sudo: deref 0
  sudo: ssl start_tls
  sudo: tls_cacertfile /etc/ssl/certs/ca-
  sudo: use_sasl yes
  sudo: sasl_auth_id (NONE)
  sudo: rootuse_sasl -1
  sudo: rootsasl_auth_id (NONE)
  sudo: sasl_secprops (NONE)
  sudo: krb5_ccname FILE:/tmp/host.tkt
  sudo: ===================
  sudo: ldap_set_option: debug -> 0
  sudo: ldap_set_option: tls_cacertfile -> /etc/ssl/certs/ca-certificates.crt
  sudo: ldap_set_option: tls_cacert -> /etc/ssl/certs/ca-certificates.crt
  sudo: ldap_initialize(ld, ldap://kdc.domain.com ldap://kdc2.domain.com)
  sudo: ldap_set_option: ldap_version -> 3
  sudo: ldap_set_option: timelimit -> 3
  sudo: ldap_set_option(LDAP_OPT_TIMEOUT, 3)
  sudo: ldap_set_option(LDAP_OPT_NETWORK_TIMEOUT, 3)
  sudo: ldap_start_tls_s() ok
  sudo: sudo_ldap_sasl_interact: SASL_CB_USER
  Segmentation fault (core dumped)

  raub at testfirewall:~$

syslog seems to imply there is something interesting with libc (could
be me second guessing here):

  Jun 5 15:16:26 testfirewall kernel: [2068248.457275] sudo[22925]:
segfault at 0 ip 00007f2feb02692a sp 00007ffff55073b8 error 4 in

If I disable ldap, it seems to work fine. Any suggestions of where I
should be going next?

More information about the sudo-users mailing list